xss – Page 14 – WindowsTechs.com

XSS in location.hash.match() function

Posted on December 5, 2022 by yaman jain

I was solving a CTF. Just reading the source code of the web page, I found a vulnerable piece of code:
var r4c='(.*?)’;
var results = location.hash.match(‘token\\(‘+r4c+’\\);’);

I am unable to match any string with ‘token\\(‘+r4c+’\\);’… Continue reading XSS in location.hash.match() function→

Adding a script tag after the html closing tag

Posted on November 29, 2022 by RudeusGreyrat

I am still a beginner in web vulnerability. While I was browsing on the internet I saw a challenge inspired by a real life security crisis. We are given a pcap of a malware infection that was done in 2014 (Neutrino though adobe Flash).
App… Continue reading Adding a script tag after the html closing tag→

Which xss is this, I wrote a script in console (getcookie)

Posted on November 10, 2022 by Nkumar

I wrote a script to get the cookie in the console of a website when pressed enter that pop up with xss vulnerability.
Which xss is this: reflected or stored?

Continue reading Which xss is this, I wrote a script in console (getcookie)→

How secure is using https://*.domain.com as a value in a Content Security Policy?

Posted on November 10, 2022 by Sky

Let’s say I am an organization with all my resources on example.com. I have a web server in the DMZ that hosts a website named app.example.com open to the internet.
The CSP for that website is Content-Security-Policy: default-src ‘self’ ht… Continue reading How secure is using https://*.domain.com as a value in a Content Security Policy?→

Check for special characters in request parameters

Posted on November 8, 2022 by Abc123

Our system is accepting requests including special characters, see parameter2.
Request [
{
"reqHeader": {
"parameter1": "abc",
"parameter2": "123456 script&gt… Continue reading Check for special characters in request parameters→

AES Encryption as XSS protection for url parameters?

Posted on November 7, 2022 by xsrf

So, I found a website that uses AES encryption to prevent XSS and I’m wondering if this approach is inherently flawed.
It has an endpoint like execute.php?code=encryptedPayload which de-crypts the payload and directly executes it as JavaSc… Continue reading AES Encryption as XSS protection for url parameters?→

Should I worry about excessive data forgery from my users on Firebase?

Posted on October 23, 2022 by Lewis

I’m getting familiar with Firebase and the firestore database.
I have a small project relying on a certain data format. It is a simple React project with direct connexion to its firestore, so no back-end. I know this is usually a bad desig… Continue reading Should I worry about excessive data forgery from my users on Firebase?→

What could go wrong with this inlined javascript variable initialization in ASP?

Posted on October 21, 2022 by Anis LOUNIS aka AnixPasBesoin

I am currently reviewing an ASP application where this javascript initialization is used all over the place:
const someValue = "<% get_some_value() %>";

And this pattern is actually something recommended in some StackOverf… Continue reading What could go wrong with this inlined javascript variable initialization in ASP?→

How to turn this particular HTML rendering into a XSS or open redirection

Posted on October 19, 2022 by Sai Dutt Mekala

I am performing penetration testing on a web application. Let’s say the site as "https://example.com"
There is a comment field , where a user can add data and it will be shown in the same page.
So I was trying multiple payloads a… Continue reading How to turn this particular HTML rendering into a XSS or open redirection→

What are the ways in which XSS can be done in innerHTML

Posted on October 12, 2022 by CodeTalker

Server has blacklisted <img> and <a> tags in input.
Server does:
var myvar = url.searchParams.get(‘query’))
document.getElementById("id").innerHTML = myvar

<img> and <a> tags are not working. What are oth… Continue reading What are the ways in which XSS can be done in innerHTML→